I have a PIX (6.1) and many users with VPN client 3.x. Some of them are behind various network equipment (firewall, router ...) which performs dynamic NAT (PAT). Of course in this case the VPN doesn't work.
I found two potential solutions:
-> IPSec over UDP. But I can't find how to configure this on my PIX, and it seems that this solution is only possible with a VPN concentrator. In this case I just want to ask why, and whether it will be available on a PIX one day (and when, of course) =)
-> ESP-aware PAT device. If the device can use the ESP header to update its translation tables, it would be perfect. But I did not find whether a Checkpoint FW, a Raptor FW or even a PIX is an ESP-aware PAT device. Does anybody have any info on these products?
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit TCP from the inside interface to any6.
In Syslog I also se...